This management relates to regularly identifying vulnerabilities, evaluating them, and taking steps to mitigate risks associated with vulnerabilities. Of course, it is not possible to eliminate all the vulnerabilities and all the risks, but steps must be taken to reduce them. It is better that organization have an effective vulnerability management program.
To maintain operational security, restricted change management or change control process needs to be followed, so that only those requested and approved changes are made.
All changes must be closely tracked and auditable; a detailed change record should be kept.
Audit records allow auditors to verify that change management policies and procedures have been followed.
Some changes can generate problems. For this reason, change management auditing allows operations staff to investigate recent changes in the event of damage.
This management is useful for standardize a configuration across the devices. Configuration management processes need to be implemented to ensure information resources are operated.
It is recommended that organizations have a Configuration management software .This software- for example – ensures that all computers have antivirus software.
As another example, today many organizations typically implement an automated configuration management database (CMDB) that is part of a system configuration management.
Many configuration management solutions can be used across all Windows, Linux, and Mac computers.